Thankyou Sumit. Indeed I do have adcli installed, and I am investigating this issue usign the higher log level which you suggest.

I think this is a problem with domain names.
When I use msktutil to renew the machine password I must explicitly run
msktutil ..auto-update --computer-nameĀ  myhostname

This is becauseĀ  the DNS domain of my workstation does not match the Active Directory realm name




On 4 July 2018 at 08:48, Sumit Bose <sbose@redhat.com> wrote:
On Mon, Jun 25, 2018 at 05:12:25PM +0200, John Hearns wrote:
> After 30 days of running sssd I found that my test workstation no longer
> connected to the domain.
> The machine account password had timed out.
> I now run a daily cron job using msktutil wihch will auto-update the
> password.
>
> However I should not have to do this. sssd should update the machine
> password.
>
> I can see entries in the logs such that the machine account password
> renewal task is enabled.
> Then:
>
> [be_ptask_execute] (0x0400): Task [AD machine account password renewal]:
> executing task, timeout 60 seconds
>
> How though can I see if this taks is successful or not?
> I realise that if the machine account is less than 30 days old the task
> probably silently completes OK without any logging.

Do you have adcli installed?

If you set 'debug_level=7' or higher in the [domain/...] section of
sssd.conf you should be able to find the debug output of adcli in the
logs, it will start with '--- adcli output start---'.

HTH

bye,
Sumit

>
> The version of sssd is 16.1 running on Ubuntu
>
>
> John Hearns

> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/2F77SPP4CXHS4YMKCMHIA5EJHI424VNV/
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/EHQHLPX24S45CM4ELUUDG7NHQHWQK7TE/